Skip to content

Latest commit

 

History

History
73 lines (51 loc) · 2.31 KB

052.md

File metadata and controls

73 lines (51 loc) · 2.31 KB

Jumpy Mocha Flamingo

Medium

The checkSequencer() has insufficient check for sequencerUptimeFeed

Summary

Inadequate checks to confirm the correct status of the sequecncerUptimeFeed in DebitaChainlink.checkSequencer() contract will cause checkSequencer() to not revert even when the sequecncerUptimeFeed is not updated or is called in an invalid round.

Root Cause

https://github.com/sherlock-audit/2024-11-debita-finance-v3/blob/main/Debita-V3-Contracts/contracts/oracles/DebitaChainlink.sol#L50 The chainlink docs say that sequencerUptimeFeed can return a 0 value for startedAt if it is called during an "invalid round"
Please note that an "invalid round" is described to mean there was a problem updating the sequencer's status, possibly due to network issues or problems with data from oracles, and is shown by a startedAt time of 0 and answer is 0.
This makes the implemented check below in the DebitaChainlink.checkSequencer() to be useless if it is called in an invalid round:

        uint256 timeSinceUp = block.timestamp - startedAt;
        if (timeSinceUp <= GRACE_PERIOD_TIME) {
            revert GracePeriodNotOver();
        }

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

The checkSequencer() function to not revert even when the sequecncerUptimeFeed is not updated or is called in an invalid round. Violation of invariant: In the event that the sequencer is down, no additional loans should be created immediately with Chainlink Oracles.

PoC

No response

Mitigation

    function checkSequencer() public view returns (bool) {
        (, int256 answer, uint256 startedAt, , ) = sequencerUptimeFeed
            .latestRoundData();

        // Answer == 0: Sequencer is up
        // Answer == 1: Sequencer is down
        bool isSequencerUp = answer == 0;
        if (!isSequencerUp) {
            revert SequencerDown();
        }
        console.logUint(startedAt);

+       if(startedAt == 0){ 
+          revert;
+       }

        // Make sure the grace period has passed after the
        // sequencer is back up.
        uint256 timeSinceUp = block.timestamp - startedAt;
        if (timeSinceUp <= GRACE_PERIOD_TIME) {
            revert GracePeriodNotOver();
        }

        return true;
    }